update-ssl-certs.yml

# Run this like so:
# ansible-playbook -i ec2-hosts update-ssl-certs.yml

# To only run this for planningalerts:
# ansible-playbook -i ec2-hosts update-ssl-certs.yml -l planningalerts

# To only run this for openaustralia:
# ansible-playbook -i ec2-hosts update-ssl-certs.yml -l openaustralia

- hosts: ec2
  become: true
  tasks:
    - name: Check if Apache is running
      command: systemctl status apache2
      ignore_errors: yes
      changed_when: false
      register: service_apache_status

    - name: Check if Nginx is running
      command: systemctl status nginx
      ignore_errors: yes
      changed_when: false
      register: service_nginx_status

    - name: Check if Varnish is running
      command: systemctl status varnish
      ignore_errors: yes
      changed_when: false
      register: service_varnish_status

    - name: Pause apache2
      service:
        name: apache2
        state: stopped
      when: service_apache_status is success

    - name: Pause nginx
      service:
        name: nginx
        state: stopped
      when: service_nginx_status is success

    - name: Pause varnish
      service:
        name: varnish
        state: stopped
      when: service_varnish_status is success

    - name: Attempt cert renewal
      shell: letsencrypt renew --no-self-upgrade
      ignore_errors: yes

    - name: Restart varnish
      service:
        name: varnish
        state: started
      when: service_varnish_status is success

    - name: Restart apache2
      service:
        name: apache2
        state: started
      when: service_apache_status is success

    - name: Restart nginx
      service:
        name: nginx
        state: started
      when: service_nginx_status is success